Glossary of IT and cybersecurity terms

Unauthorized access
Access to a physical or logical network, system or data without authorization.

Wi-Fi Protected Access
A security protocol and security certification program designed by the Wi-Fi Alliance to protect wireless computer networks.
[SOURCE: ISO 20415:2019]

Updating software or firmware.

Invasion of privacy
Incident involving actual or suspected loss of personal information.

Data breach
Cybersecurity incident where a person seizes sensitive information without the authorization of the owner.

Multi-factor authentication
Authentication method that requires, to verify the user’s identity, a combination of factors (two or more): something that the user knows (e.g. password) or possesses (e.g. physical token ), or a physical attribute (e.g.: biometrics).

Changing the form of information to hide its content and prevent unauthorized access.
[SOURCE: Canadian Center for Cyber Security]

Malicious code
Program or code written to gather information about a system or user, destroy system data, facilitate deeper intrusion into a system, falsify system data or reports, or create nuisances that slow down system operations. system and the activities of maintenance personnel.
NOTE 1: A malicious code attack takes various forms: virus, worm, Trojan horse or other automated exploit.
NOTE 2: Malicious code is also often called “malware”.
[SOURCE: IEC/TS 62443-1-1:2009]

Ability to protect sensitive information from unauthorized access.

Confirmation of biological or behavioral characteristics
Identity verification method that is based on biological characteristics (anatomy and physiology; e.g. face, fingerprints, retinas) or behavioral characteristics (e.g. keyboard typing rhythm, gait) to prove that the person presenting information about an identity is the person who possesses that identity.
NOTE: Confirmation of biological or behavioral characteristics is done through a summons and response protocol: the characteristics recorded in a file or database are compared to those of the person presenting the identity information.
[SOURCE: CAN/CIOSC 103-1:2020]

Network failure (widespread)
Incident affecting the confidentiality, integrity or availability of a network.

Application system failure
Incident affecting the confidentiality, integrity or availability of an application.

Denied service
See “service interruption”.

Indication of a possibility of choice with a marked preference; equivalent to “it is strongly recommended”.

Unauthorized disclosure
Incident affecting the confidentiality, integrity or availability of data.

Email authentication protocol, short for domain-based message authentication, reporting & conformance. It allows the owner of a given email domain to protect their domain against unauthorized use, commonly called “email spoofing”.

Indication of a requirement for the design or application of a test method.

Minimum access right
Principle according to which the user is granted only the access permissions he needs to carry out the authorized tasks. This principle limits the damage that may result from unauthorized, incorrect or accidental use of an information system.
[SOURCE: Canadian Center for Cyber Security]

Enterprise mobility management
A set of systems managing mobile computing services or devices for an organization.

Password manager
A computer program that allows the user to store, generate and manage passwords for local applications and online services. It helps produce and recover complex passwords by storing them in an encrypted database or calculating them on demand.

Cybersecurity incident
An unauthorized attempt, whether successful or unsuccessful, to access, modify, destroy, delete or render inoperable a system resource or computer network.

Sensitive information
Information that must be protected against unauthorized disclosure.

Ability to protect information from unauthorized modification and deletion.

Service interruption
Incident preventing access to a service or otherwise disrupting normal operation.

Malware designed to infiltrate or damage a computer system. Some common forms include viruses, worms, Trojan horses, spyware and adware.
[SOURCE: Canadian Center for Cyber Security, Glossary]

Open Web Application Security Project.

Security barrier between two perimeters controlling the volume and types of traffic allowed to pass from one to the other.

Loss of information
See “unauthorized disclosure”.

Indication of a possibility of choice with an implicit preference.

Incident Response Plan
A document establishing the processes, procedures, and documentation for how the organization detects, responds to, and recovers from incidents. Cyber threats, natural disasters and unplanned outages are examples of incidents that impact organizations’ networks, systems and devices.
[SOURCE: Canadian Center for Cyber Security]

Damage suffered by an organization when its IT systems and assets are compromised.

A type of malware that prevents a user from accessing a system or data until they have paid funds or handed over a physical or virtual asset.

Wireless Local Area Network (WLAN)/(Wi-Fi)
Wireless local area networking technology that allows the connection of electronic devices to the network, primarily using the 2.5 GHz and 5 GHz radio bands.
NOTE 1: “Wi-Fi” is a trademark of the Wi-Fi Alliance.
NOTE 2: “Wi-Fi” is commonly used as a synonym for “WLAN”, since most modern WLAN networks rely on Wi-Fi standards.
[SOURCE: ISO/IEC 27033-6:2016]

Virtual Private Network (VPN)
A restricted-use logical computer network constructed from the resources of a physical network by using encryption or by tunneling links from the virtual network through the real network.
[SOURCE: ISO/IEC 18028-3:2005]

Service with impact
Service causing human impact, e.g. ex. finances, support (or assistance), housing, education, recruitment and benefits.

Secure mobile service
Security of a mobile device (e.g. cell phone, tablet).

Secure removable media
Security of removable media (e.g. USB key).

Domain Name System (DNS)
A global distributed and hierarchical nomenclature used to identify entities connected to the Internet.
NOTE: Top-level domains are at the top of the hierarchy.
[SOURCE: ISO/TR 14873:2013]

Information technology.

Unauthorized use
Use of a physical or logical network, system, or data without authorization.

If you cannot find a term in this glossary and you still have questions about the vocabulary used in our conditions, policies and notices, please write to us at and we will be happy to help you explain the term!